EnforceLocalAnchorConstraintsEnabled

X.509 certificates may encode constraints, such as Name Constraints, in extensions in the certificate. RFC 5280 specifies that enforcing such constraints on trust anchor certificates is optional. Starting in Google Chrome 112, such constraints in certificates loaded from the platform certificate store will now be enforced. This policy exists as a temporary opt-out in case an enterprise encounters issues with the constraints encoded in their private roots. In that case this policy may be used to temporarily disable enforcement of the constraints while correcting the certificate issues. When this policy is not set, or is set to enabled, Google Chrome will enforce constraints encoded into trust anchors loaded from the platform trust store. When this policy is set to disabled, Google Chrome will not enforce constraints encoded into trust anchors loaded from the platform trust store. In Google Chrome version 112, this policy has no effect if the ChromeRootStoreEnabled policy is disabled. This policy was removed in Google Chrome version 126. Starting that version, constraints in trust anchors are always enforced.